v2.7.0

Firstly, thanks for the report from @drkinder123. , one of the dependencies (deflate-js) which is licensed under GPLv2, in order to keep the release of samlify under MIT license, we have to replace that library with pako which is released under MIT and zlib license.

If you are using samlify < 2.7.0 in your commercial product, we would like to encourage you to upgrade from the previous version to 2.7.0. In fact, if you upgrade from version 2.6.x, there is no API change.

This release covers:

#334 Replace deflate-js with pako to keep the release under MIT license (@drkinder123)
#337 Expose configuration for setting clock drift (@eisfeuer)
#338 Change Buffer constructor usage to Buffer.from function (@bryaningl3)

---

Samlify is now under the Github sponsorship program, your support would motivate the enhancement and maintenance of the project.

See more https://github.com/sponsors/tngan.

v2.6.3

#256 Clock drift implementation
#326 Add .snyk & package.json to reduce vulnerabilities
#329 Bump handlebars from 4.1.2 to 4.5.3
#332 Remove peerDependencies in package.json

Samlify is now under the Github sponsorship program, your support would motivate the enhancement and maintenance of the project.

See more https://github.com/sponsors/tngan.

v2.6.2

#321 Fixed typo in loginResponseFields (@wdlowry)
#319 Remove recursive import of ServiceProviderSettings (@kevinmctigue)
#315 Fixed typo under SP metadata (@mr-m0u5e)
#309 Fallback to object settings if metadata is not specifying NameIDFormat (@rastko-florencehc)
#306 Fixed missing > in idp metadata.xml sample (@williamli)
#304 Enhancement on developer experience by separating runtime and test build

Samlify is now under the Github sponsorship program, your support would motivate the enhancement and maintenance of the project.

See more https://github.com/sponsors/tngan.

v2.6.1

Release Note

#300 Respect transformationAlgorithms in signed LogoutRequest (@krystianolech)
#295 Default logout request template NameID attributes are not matching with default login template
#294 Bump lodash.merge from 4.6.1 to 4.6.2 (bot)
#291 Fix import statement in code example in README (@kiejo)
#289 Update README.md (@big-kahuna-burger)

v2.6.0

Release Note

This release is to fix the installation of validator module. With v2.5.0, we allowed user to pick different schema validators in production environment, however, the fallback mechanism was error prone and it could install extra validators that never used.

Thanks for the idea from @kiejo (See the discussion thread #274), and we introduced a new way to assign the validator module.

import * as samlify from 'samlify';
import * as validator from '@authenio/samlify-xsd-schema-validator';
// import * as validator from '@authenio/samlify-validate-with-xmllint';
// import * as validator from '@authenio/samlify-node-xmllint';
// import * as validator from '@authenio/samlify-libxml-xsd'; // only support for version of nodejs <= 8

// const validator = require('@authenio/samlify-xsd-schema-validator');
// const validator = require('@authenio/samlify-validate-with-xmllint');
// const validator = require('@authenio/samlify-node-xmllint');
// const validator = require('@authenio/samlify-libxml-xsd');

samlify.setSchemaValidator(validator);

And you can customise your own validator using the new context method setSchemaValidator. The design purpose of the new context module is for global module settings, not limited to schema validator. Check out https://github.com/tngan/samlify/blob/master/src/api.ts for the implementation detail.

samlify.setSchemaValidator({
  validator: (response: string) => { 
    /* implment your own or always returns a resolved promise to skip */
    return Promise.resolve('skipped');
  }
});

We have separated the wrappers of validator module from samlify to other repositories under authenio, in order to have better maintenance and version control.

Node.js version

We have removed the support of Node.js v6 starting from v2.6.0, and added v12 into our testing scope.

News

We are now starting the early stage of the development plan of open-source federation service based on the codebase of samlify. The initial idea is to allow individuals to self-host the federation service, and we will roll out paid plan of hosted service enterprise for advanced features and support.

v2.6.0-rc2

#274 Export without default

v2.5.1

Release Note

#284 Simplify the usage of nameIDFormat
#281 #282 Bump handlebars and js-yaml to get rids of security alerts
#280 Add documentation for key/cert generation
#279 Returns detailed message for failed status code and support two-tiers status error code
#278 Trim unneeded spaces that may make their way in from the metadata (@kingbin)
#273 New validator module NATIVEXMLLINT (@haoleman)
#271 Fix the namespace usage in attribute node (@yelexin)
#264 Fix Idp configuration attribute name. (@AngelMsger)

This patch includes a minor change on handling nameIDFormat. loginNameIDFormat is no longer supported as a property of service provider setting object. Instead, samlify would always pick the first name id format specified in its metadata when sending the authn request.

If you construct the service provider by using the configuration instead of importing metadata directly, the default name id is urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.

If you construct the service provider by importing metadata and no name id format is specified, you could get error from IDP side.

News

2.6.0-rc1 is now in beta tetsting. 2.6.0-rc2 will include the above changes.

v2.5.0

Bump v2.5.0

v2.5.0-rc4

#255 Add Okta documentation

v2.5.0-rc3

Release Note

• Fix security issue on skipping certificate validation when single certificate is used (@kacepe)
• Rename the forked package scope from @Passify to @authenio
• Consume the new commits from auth0/node-xml-encryption and bump xpath and its version

Remarks: The packages under @Passify scope still exists for who didn't upgrade samlify to the latest version, however those package will be stopped for further update and version bump.